<?php
class NerdPass_Acl {
	protected static $acl;
	
	/* Create ACL */
	public static function factory() {
		self::$acl = new Zend_Acl();
		
		self::$acl->addRole(new Zend_Acl_Role('user'))
				  ->addRole(new Zend_Acl_Role('admin'), 'user');
		
		self::$acl->add(new Zend_Acl_Resource('passwords'));
		self::$acl->add(new Zend_Acl_Resource('usermanager'));
		
		self::$acl->deny('user', 'usermanager');
		self::$acl->allow('user', 'passwords');
		self::$acl->allow('admin', 'usermanager');
	}
	
	public static function isAllowed($username, $resource) {
		// Get role
		$user = NerdPass_Data::getUser($username);
		$role = $user['role'];
		return self::$acl->isAllowed($role, $resource);
	}
	
	public static function getRoles() {
		return array(
			'user' => 'User',
			'admin' => 'Administrator'
		);
	}
}